moby--moby/runconfig/config.go

package runconfig // import "github.com/docker/docker/runconfig"

import (
	"encoding/json"
	"io"

	"github.com/docker/docker/api/types/container"
	networktypes "github.com/docker/docker/api/types/network"
	"github.com/docker/docker/pkg/sysinfo"
)

// ContainerDecoder implements httputils.ContainerDecoder
// calling DecodeContainerConfig.
type ContainerDecoder struct {
	GetSysInfo func() *sysinfo.SysInfo
}

// DecodeConfig makes ContainerDecoder to implement httputils.ContainerDecoder
func (r ContainerDecoder) DecodeConfig(src io.Reader) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
	var si *sysinfo.SysInfo
	if r.GetSysInfo != nil {
		si = r.GetSysInfo()
	} else {
		si = sysinfo.New()
	}

	return decodeContainerConfig(src, si)
}

// DecodeHostConfig makes ContainerDecoder to implement httputils.ContainerDecoder
func (r ContainerDecoder) DecodeHostConfig(src io.Reader) (*container.HostConfig, error) {
	return decodeHostConfig(src)
}

// decodeContainerConfig decodes a json encoded config into a ContainerConfigWrapper
// struct and returns both a Config and a HostConfig struct, and performs some
// validation. Certain parameters need daemon-side validation that cannot be done
// on the client, as only the daemon knows what is valid for the platform.
// Be aware this function is not checking whether the resulted structs are nil,
// it's your business to do so
func decodeContainerConfig(src io.Reader, si *sysinfo.SysInfo) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
	var w ContainerConfigWrapper
	if err := loadJSON(src, &w); err != nil {
		return nil, nil, nil, err
	}

	hc := w.getHostConfig()
	if hc == nil {
		// We may not be passed a host config, such as in the case of docker commit
		return w.Config, hc, w.NetworkingConfig, nil
	}
	if err := validateNetMode(w.Config, hc); err != nil {
		return nil, nil, nil, err
	}
	if err := validateIsolation(hc); err != nil {
		return nil, nil, nil, err
	}
	if err := validateQoS(hc); err != nil {
		return nil, nil, nil, err
	}
	if err := validateResources(hc, si); err != nil {
		return nil, nil, nil, err
	}
	if err := validatePrivileged(hc); err != nil {
		return nil, nil, nil, err
	}
	if err := validateReadonlyRootfs(hc); err != nil {
		return nil, nil, nil, err
	}
	if w.Config != nil && w.Config.Volumes == nil {
		w.Config.Volumes = make(map[string]struct{})
	}
	return w.Config, hc, w.NetworkingConfig, nil
}

// loadJSON is similar to api/server/httputils.ReadJSON()
func loadJSON(src io.Reader, out interface{}) error {
	dec := json.NewDecoder(src)
	if err := dec.Decode(&out); err != nil {
		if err == io.EOF {
			return validationError("invalid JSON: got EOF while reading request body")
		}
		return validationError("invalid JSON: " + err.Error())
	}
	if dec.More() {
		return validationError("unexpected content after JSON")
	}
	return nil
}
Add canonical import comment Signed-off-by: Daniel Nephin <dnephin@docker.com> 2018-02-05 16:05:59 -05:00			`package runconfig // import "github.com/docker/docker/runconfig"`
Move the canonical run configuration objects to a sub-package * Config is now runconfig.Config * HostConfig is now runconfig.HostConfig * MergeConfig is now runconfig.Merge * CompareConfig is now runconfig.Compare * ParseRun is now runconfig.Parse * ContainerConfigFromJob is now runconfig.ContainerConfigFromJob * ContainerHostConfigFromJob is now runconfig.ContainerHostConfigFromJob This facilitates refactoring commands.go and shrinks the core. Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) 2014-02-11 23:04:39 -05:00
			`import (`
Decode container configurations into typed structures. Signed-off-by: David Calavera <david.calavera@gmail.com> 2015-04-10 20:05:21 -04:00			`"encoding/json"`
			`"io"`

Add engine-api types to docker This moves the types for the `engine-api` repo to the existing types package. Signed-off-by: Michael Crosby <crosbymichael@gmail.com> 2016-09-06 14:18:12 -04:00			`"github.com/docker/docker/api/types/container"`
			`networktypes "github.com/docker/docker/api/types/network"`
Implementing support for --cpu-rt-period and --cpu-rt-runtime so that containers may specify these cgroup values at runtime. This will allow processes to change their priority to real-time within the container when CONFIG_RT_GROUP_SCHED is enabled in the kernel. See #22380. Also added sanity checks for the new --cpu-rt-runtime and --cpu-rt-period flags to ensure that that the kernel supports these features and that runtime is not greater than period. Daemon will support a --cpu-rt-runtime flag to initialize the parent cgroup on startup, this prevents the administrator from alotting runtime to docker after each restart. There are additional checks that could be added but maybe too far? Check parent cgroups to ensure values are <= parent, inspecting rtprio ulimit and issuing a warning. Signed-off-by: Erik St. Martin <alakriti@gmail.com> 2016-06-07 15:05:43 -04:00			`"github.com/docker/docker/pkg/sysinfo"`
Move the canonical run configuration objects to a sub-package * Config is now runconfig.Config * HostConfig is now runconfig.HostConfig * MergeConfig is now runconfig.Merge * CompareConfig is now runconfig.Compare * ParseRun is now runconfig.Parse * ContainerConfigFromJob is now runconfig.ContainerConfigFromJob * ContainerHostConfigFromJob is now runconfig.ContainerHostConfigFromJob This facilitates refactoring commands.go and shrinks the core. Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) 2014-02-11 23:04:39 -05:00			`)`

Remove runconfig package dependency from image and container routers. Use an interface to specify the behavior of a configuration decoder. Signed-off-by: David Calavera <david.calavera@gmail.com> 2016-03-28 14:22:23 -04:00			`// ContainerDecoder implements httputils.ContainerDecoder`
			`// calling DecodeContainerConfig.`
cgroup2: implement `docker info` ref: https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> 2020-03-10 08:09:25 -04:00			`type ContainerDecoder struct {`
			`GetSysInfo func() *sysinfo.SysInfo`
			`}`
Remove runconfig package dependency from image and container routers. Use an interface to specify the behavior of a configuration decoder. Signed-off-by: David Calavera <david.calavera@gmail.com> 2016-03-28 14:22:23 -04:00
			`// DecodeConfig makes ContainerDecoder to implement httputils.ContainerDecoder`
			`func (r ContainerDecoder) DecodeConfig(src io.Reader) (container.Config, container.HostConfig, *networktypes.NetworkingConfig, error) {`
cgroup2: implement `docker info` ref: https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> 2020-03-10 08:09:25 -04:00			`var si *sysinfo.SysInfo`
			`if r.GetSysInfo != nil {`
			`si = r.GetSysInfo()`
			`} else {`
pkg/sysinfo.New(), daemon.RawSysInfo(): remove "quiet" argument The "quiet" argument was only used in a single place (at daemon startup), and every other use had to pass "false" to prevent this function from logging warnings. Now that SysInfo contains the warnings that occurred when collecting the system information, we can make leave it up to the caller to use those warnings (and log them if wanted). Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2021-07-14 10:45:02 -04:00			`si = sysinfo.New()`
cgroup2: implement `docker info` ref: https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> 2020-03-10 08:09:25 -04:00			`}`

			`return decodeContainerConfig(src, si)`
Remove runconfig package dependency from image and container routers. Use an interface to specify the behavior of a configuration decoder. Signed-off-by: David Calavera <david.calavera@gmail.com> 2016-03-28 14:22:23 -04:00			`}`

			`// DecodeHostConfig makes ContainerDecoder to implement httputils.ContainerDecoder`
			`func (r ContainerDecoder) DecodeHostConfig(src io.Reader) (*container.HostConfig, error) {`
Add decodeContainerConfig test removed from docker/cli Signed-off-by: Daniel Nephin <dnephin@docker.com> 2017-08-29 14:32:59 -04:00			`return decodeHostConfig(src)`
Remove runconfig package dependency from image and container routers. Use an interface to specify the behavior of a configuration decoder. Signed-off-by: David Calavera <david.calavera@gmail.com> 2016-03-28 14:22:23 -04:00			`}`

Remove string checking in API error handling Use strongly typed errors to set HTTP status codes. Error interfaces are defined in the api/errors package and errors returned from controllers are checked against these interfaces. Errors can be wraeped in a pkg/errors.Causer, as long as somewhere in the line of causes one of the interfaces is implemented. The special error interfaces take precedence over Causer, meaning if both Causer and one of the new error interfaces are implemented, the Causer is not traversed. Signed-off-by: Brian Goff <cpuguy83@gmail.com> 2017-07-19 10:20:13 -04:00			`// decodeContainerConfig decodes a json encoded config into a ContainerConfigWrapper`
runconfig: decodeContainerConfig() return early if there's no HostConfig Each of the validation functions depended on HostConfig being not `nil`. Use an early return, instead of continuing, and checking if it's `nil` in each of the validate functions. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2021-08-09 05:11:54 -04:00			`// struct and returns both a Config and a HostConfig struct, and performs some`
			`// validation. Certain parameters need daemon-side validation that cannot be done`
			`// on the client, as only the daemon knows what is valid for the platform.`
Avoid nil pointer dereference while creating a container with an empty Config Signed-off-by: Antonio Murdaca <runcom@linux.com> 2015-06-06 12:41:42 -04:00			`// Be aware this function is not checking whether the resulted structs are nil,`
			`// it's your business to do so`
cgroup2: implement `docker info` ref: https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> 2020-03-10 08:09:25 -04:00			`func decodeContainerConfig(src io.Reader, si sysinfo.SysInfo) (container.Config, container.HostConfig, networktypes.NetworkingConfig, error) {`
Decode container configurations into typed structures. Signed-off-by: David Calavera <david.calavera@gmail.com> 2015-04-10 20:05:21 -04:00			`var w ContainerConfigWrapper`
runconfig: ContainerDecoder(): fix handling of invalid JSON Implement similar logic as is used in httputils.ReadJSON(). Before this patch, endpoints using the ContainerDecoder would incorrectly return a 500 (internal server error) status. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2022-04-08 17:27:50 -04:00			`if err := loadJSON(src, &w); err != nil {`
Allow user to choose the IP address for the container Signed-off-by: Alessandro Boch <aboch@docker.com> 2016-01-07 19:18:34 -05:00			`return nil, nil, nil, err`
Move the canonical run configuration objects to a sub-package * Config is now runconfig.Config * HostConfig is now runconfig.HostConfig * MergeConfig is now runconfig.Merge * CompareConfig is now runconfig.Compare * ParseRun is now runconfig.Parse * ContainerConfigFromJob is now runconfig.ContainerConfigFromJob * ContainerHostConfigFromJob is now runconfig.ContainerHostConfigFromJob This facilitates refactoring commands.go and shrinks the core. Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) 2014-02-11 23:04:39 -05:00			`}`
Decode container configurations into typed structures. Signed-off-by: David Calavera <david.calavera@gmail.com> 2015-04-10 20:05:21 -04:00
Move netmode validation to server Signed-off-by: John Howard <jhoward@microsoft.com> 2015-07-09 18:12:36 -04:00			`hc := w.getHostConfig()`
runconfig: decodeContainerConfig() return early if there's no HostConfig Each of the validation functions depended on HostConfig being not `nil`. Use an early return, instead of continuing, and checking if it's `nil` in each of the validate functions. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2021-08-09 05:11:54 -04:00			`if hc == nil {`
			`// We may not be passed a host config, such as in the case of docker commit`
			`return w.Config, hc, w.NetworkingConfig, nil`
Windows: Add volume support Signed-off-by: John Howard <jhoward@microsoft.com> 2015-09-09 22:23:06 -04:00			`}`
Windows: Balk on --privileged Signed-off-by: John Howard (VM) <jhoward@ntdev.microsoft.com> 2017-03-10 12:39:22 -05:00			`if err := validateNetMode(w.Config, hc); err != nil {`
Allow user to choose the IP address for the container Signed-off-by: Alessandro Boch <aboch@docker.com> 2016-01-07 19:18:34 -05:00			`return nil, nil, nil, err`
Move netmode validation to server Signed-off-by: John Howard <jhoward@microsoft.com> 2015-07-09 18:12:36 -04:00			`}`
Windows: Balk on --privileged Signed-off-by: John Howard (VM) <jhoward@ntdev.microsoft.com> 2017-03-10 12:39:22 -05:00			`if err := validateIsolation(hc); err != nil {`
Allow user to choose the IP address for the container Signed-off-by: Alessandro Boch <aboch@docker.com> 2016-01-07 19:18:34 -05:00			`return nil, nil, nil, err`
Windows: Adds support for Hyper-V Containers Signed-off-by: John Howard <jhoward@microsoft.com> 2015-09-18 21:21:57 -04:00			`}`
Windows: Balk on --privileged Signed-off-by: John Howard (VM) <jhoward@ntdev.microsoft.com> 2017-03-10 12:39:22 -05:00			`if err := validateQoS(hc); err != nil {`
Add IO Resource Controls for Windows Signed-off-by: Darren Stahl <darst@microsoft.com> 2016-02-24 20:51:46 -05:00			`return nil, nil, nil, err`
			`}`
cgroup2: implement `docker info` ref: https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp> 2020-03-10 08:09:25 -04:00			`if err := validateResources(hc, si); err != nil {`
Implementing support for --cpu-rt-period and --cpu-rt-runtime so that containers may specify these cgroup values at runtime. This will allow processes to change their priority to real-time within the container when CONFIG_RT_GROUP_SCHED is enabled in the kernel. See #22380. Also added sanity checks for the new --cpu-rt-runtime and --cpu-rt-period flags to ensure that that the kernel supports these features and that runtime is not greater than period. Daemon will support a --cpu-rt-runtime flag to initialize the parent cgroup on startup, this prevents the administrator from alotting runtime to docker after each restart. There are additional checks that could be added but maybe too far? Check parent cgroups to ensure values are <= parent, inspecting rtprio ulimit and issuing a warning. Signed-off-by: Erik St. Martin <alakriti@gmail.com> 2016-06-07 15:05:43 -04:00			`return nil, nil, nil, err`
			`}`
Windows: Balk on --privileged Signed-off-by: John Howard (VM) <jhoward@ntdev.microsoft.com> 2017-03-10 12:39:22 -05:00			`if err := validatePrivileged(hc); err != nil {`
			`return nil, nil, nil, err`
			`}`
Windows: Block read-only Signed-off-by: John Howard <jhoward@microsoft.com> 2017-05-08 12:29:37 -04:00			`if err := validateReadonlyRootfs(hc); err != nil {`
			`return nil, nil, nil, err`
			`}`
runconfig: decodeContainerConfig() return early if there's no HostConfig Each of the validation functions depended on HostConfig being not `nil`. Use an early return, instead of continuing, and checking if it's `nil` in each of the validate functions. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2021-08-09 05:11:54 -04:00			`if w.Config != nil && w.Config.Volumes == nil {`
			`w.Config.Volumes = make(map[string]struct{})`
			`}`
Allow user to choose the IP address for the container Signed-off-by: Alessandro Boch <aboch@docker.com> 2016-01-07 19:18:34 -05:00			`return w.Config, hc, w.NetworkingConfig, nil`
Move the canonical run configuration objects to a sub-package * Config is now runconfig.Config * HostConfig is now runconfig.HostConfig * MergeConfig is now runconfig.Merge * CompareConfig is now runconfig.Compare * ParseRun is now runconfig.Parse * ContainerConfigFromJob is now runconfig.ContainerConfigFromJob * ContainerHostConfigFromJob is now runconfig.ContainerHostConfigFromJob This facilitates refactoring commands.go and shrinks the core. Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) 2014-02-11 23:04:39 -05:00			`}`
runconfig: ContainerDecoder(): fix handling of invalid JSON Implement similar logic as is used in httputils.ReadJSON(). Before this patch, endpoints using the ContainerDecoder would incorrectly return a 500 (internal server error) status. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2022-04-08 17:27:50 -04:00
			`// loadJSON is similar to api/server/httputils.ReadJSON()`
			`func loadJSON(src io.Reader, out interface{}) error {`
			`dec := json.NewDecoder(src)`
			`if err := dec.Decode(&out); err != nil {`
			`if err == io.EOF {`
			`return validationError("invalid JSON: got EOF while reading request body")`
			`}`
			`return validationError("invalid JSON: " + err.Error())`
			`}`
			`if dec.More() {`
			`return validationError("unexpected content after JSON")`
			`}`
			`return nil`
			`}`